Re: [Samba] Problem with named.service




On Sat, 9 Jun 2018 23:53:21 +0000 (UTC)
Fermin Francisco <abcddo@xxxxxxxxx> wrote:

> Good Afternoon!
> I was thinking that maybe it is a permissions problem.
> Then, here are the file permissions:
> 
> [root@pc ~]# ls -l /usr/local/samba/private/named.conf
> 
> -rwx------. 1 named named 738 Jun  9 13:17 /usr/local/samba/private/named.conf
> 
This is mine, as you can see, anybody can read it and it is owned by
root:root, there is no reason for it to be executable.

root@dc4:~# ls -l /var/lib/samba/private/named.conf
-rw-r--r-- 1 root root 780 Mar 24 20:18 /var/lib/samba/private/named.conf

> 
> [root@pc ~]# ls -l /etc/sysconfig/selinux
> 
> lrwxrwxrwx. 1 root root 17 Mar 15  2017 /etc/sysconfig/selinux -> ../selinux/config

I have no idea about selinux, my distro doesn't use it, but something
that is widely readable and writeable shouldn't be a problem.

> 
> [root@pc ~]# ls -l /usr/local/samba/private/dns.keytab
> 
> -rwx------. 1 root named 707 Mar 15  2017 /usr/local/samba/private/dns.keytab

Mine:
root@dc4:~# ls -l /var/lib/samba/private/dns.keytab
-rw-r----- 1 root bind 822 Mar 24 20:18 /var/lib/samba/private/dns.keytab

Again, why is yours executable?
But more importantly, why can 'named' not read it ????
I suggest:
chmod 0640 /usr/local/samba/private/dns.keytab

Rowland
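
An added example, not part of the original message: a small Python check that parses the `ls -l` lines quoted in this thread and applies the POSIX owner/group/other selection to decide whether the DNS service account can read each file. It assumes the account `named` belongs to group `named` (and `bind` to group `bind` on the second host), and it does not model SELinux contexts or ACLs.

```python
import re

# Type char, nine permission chars, optional "." (SELinux) or "+" (ACL)
# marker, link count, owner, group: the leading fields of `ls -l`.
LS_RE = re.compile(r"^([-dlbcps])([rwxsStT-]{9})[.+]?\s+\d+\s+(\S+)\s+(\S+)\s")

def parse_ls(line):
    m = LS_RE.match(line)
    if not m:
        raise ValueError("not an ls -l line: %r" % line)
    return {"type": m.group(1), "perm": m.group(2),
            "owner": m.group(3), "group": m.group(4)}

def can_read(entry, user, groups):
    """Exactly one class applies: owner first, then group, then other."""
    perm = entry["perm"]
    if user == "root":
        return True                    # root is not limited by mode bits
    if user == entry["owner"]:
        return perm[0] == "r"
    if entry["group"] in groups:
        return perm[3] == "r"
    return perm[6] == "r"

def has_exec_bit(entry):
    """A keytab or config file never needs to be executable."""
    return entry["type"] == "-" and any(entry["perm"][i] in "xst" for i in (2, 5, 8))

def perm_from_octal(mode):
    """Render e.g. 0o640 as 'rw-r-----' to model the result of a chmod."""
    return "".join(c if mode & (1 << (8 - i)) else "-"
                   for i, c in enumerate("rwxrwxrwx"))

# ls -l lines copied from the thread (wrapped output joined onto one line).
KEYTAB_PC = "-rwx------. 1 root named 707 Mar 15  2017 /usr/local/samba/private/dns.keytab"
KEYTAB_DC4 = "-rw-r----- 1 root bind 822 Mar 24 20:18 /var/lib/samba/private/dns.keytab"
CONF_PC = "-rwx------. 1 named named 738 Jun  9 13:17 /usr/local/samba/private/named.conf"

if __name__ == "__main__":
    for line, user in ((KEYTAB_PC, "named"), (KEYTAB_DC4, "bind"), (CONF_PC, "named")):
        e = parse_ls(line)
        print(line.split()[-1], "readable by", user + ":", can_read(e, user, {user}),
              "| exec bit set:", has_exec_bit(e))
    fixed = dict(parse_ls(KEYTAB_PC), perm=perm_from_octal(0o640))
    print("after chmod 0640, readable by named:", can_read(fixed, "named", {"named"}))
```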

